Time to change your passwords
Cloudflare, an internet services provider that manages 10 percent of all web traffic, has been leaking assorted bits of customer information — passwords, cookies, personal information, messages and more — since a bug appeared in their code in September 2016, according to a company statement released late Thursday. The company maintains behind-the-scenes details, such as protection from cyber attacks and large scale backups, for websites and mobiles apps like Uber, OKCupid, FitBit, League of Legends, Glassdoor and the online tip jar Patreon (Here’s a list of Cloudflare clients).
What should I do?
Check your password managers and change all your passwords, especially those on these affected sites. Rotate API keys & secrets, and confirm you have 2-FA set up for important accounts. This might sound like fear-mongering, but the scope of this leak is truly massive, and due to the fact that all Cloudflare proxy customers were vulnerable to having data leaked, it’s better to be safe than sorry.
Read on at GitHub…